Charities Are Vulnerable To Severe Cyber Attacks

Uploaded on 2018-03-20 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

The UK’s charities could be at risk from a series of devastating cyber-attacks, intelligence officials from the National Cyber Security Centre have warned.

With around 200,000 charities registered in the UK, each one contains vast amounts of personal data and payment information on those that support them. This in turn makes them a huge target for the next wave of cyber-crime and potentially breaking the coming GDPR law.

In one case a charity lost £13,000 after its chief executive’s email was hacked. In a new report, experts at the centre, which is part of intelligence agency GCHQ, said charities are falling victim to a range of malicious activity, although the scale is unclear because of under-reporting.

The report said: “The NCSC believe there is considerable variation in charities’ understanding, approach to and application of cyber security". Some charities are aware their data is sensitive, valuable and vulnerable to malicious cyber activity. Fraud aimed at tricking employees with financial authority into transferring money is increasing, according to the report.

It highlighted one episode in which a charity lost £13,000 after the email of its CEO was hacked and a fraudulent message sent to its financial manager with instructions to release the funds.

Datasets containing personal details and financial information are an attractive target for criminals, the study noted. It said:

“Charity datasets may contain personally identifiable information of donors, trustees, patrons, partners, paid staff and volunteers.

“Some large charities hold several million donor records. The data may also include payment details relating to donations including card details.”

While cyber criminals are assessed as posing the greatest threat to the sector, charities are also seen as potentially attractive targets for nation states who “oppose or mistrust their activity”.

Alongside the threat assessment, the NCSC has published a guide outlining steps charities should follow to guard against attacks. They include advice on passwords, backing up data and protecting systems from malware.

NCSC director for engagement Alison Whitney said: “Cyber-attacks can be devastating both financially and reputationally, but many charities may not realise how vulnerable they are to the threat.

“That’s why we have created these quick and easy steps that will help charities protect themselves to protect their data, assets and reputation.”

Helen Stephenson, chief executive of the Charity Commission for England and Wales, said: “Charities play a vital role in our society and so the diversion of charitable funds or assets via cyber-crime for criminal purposes or personal gain is particularly damaging and shocking.

“The threat assessment confirms what we often see in our casework, unfortunately charities are not immune to fraud and cybercrime, and there are factors that can sometimes increase their vulnerability such as a lack of digital expertise, limited resources and culture of trust.

Huffington Post:     Image: Nick Youngson 

You Migh Also Read: 

Action Fraud: Social Media Used to Steal Charity Donations:

UK Fraud Hotspots Revealed:

 

« Millennials More Likely To Fall Victim To Cybercrime
On Twitter Fake News Gets More Traction Than Truth »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

SK-CERT

SK-CERT

SK-CERT National Computer Computer Emergency Response Team of Slovakia.

Snow Software

Snow Software

Snow Software is changing the way organizations think about their technology investments, empowering IT and business leaders to drive transformation with precision and agility.

ACI Worldwide

ACI Worldwide

ACI Worldwide powers electronic payments for more than 5,000 organizations around the world.

Nexusguard

Nexusguard

Nexusguard is at the forefront of the fight against malicious Internet attacks, protecting organizations worldwide from threats to their websites, services, and reputations.

Upstream Security

Upstream Security

Upstream Security is the first cloud-based cyber-security solution that protects the technologies and applications of connected and autonomous vehicles.

Segusoft

Segusoft

With its encryption platform SEGULINK, Segusoft provides standard software for companies to securely transfer files and messages.

Aptible

Aptible

Security Management and Compliance for Developers. Aptible helps teams pass information security audits and deploy audit-ready apps and databases.

Dathena

Dathena

Dathena is a company developing data governance software based on machine learning algorithms.

CloudOak

CloudOak

CloudOak is a cloud channel provider for hybrid cloud Backup as a Service (BaaS), Disaster Recovery as a Service (DRaaS) and Archiving to Small to Medium Business (SMB).

Jobsite

Jobsite

Jobsite is an award winning job board in the UK providing job listings in the key sectors of IT, Engineering and Finance.

Sayata Labs

Sayata Labs

Sayata delivers a streamlined solution for processing cyber policies. Increase profitability with an easy and intuitive platform.

VectorUSA

VectorUSA

VectorUSA is a premier technology solution provider. We design, build and maintain cybersecurity, data center, wireless and managed solutions – transforming business needs into technology solutions.

Enea

Enea

Enea is one of the world’s leading specialists in software for telecommunications and cybersecurity. Our products are used to enable services for mobile subscribers, enterprise customers and IoT.

Xceptional

Xceptional

Xceptional is a multi-award-winning technology services firm that celebrates the unique strengths of people with autism.

Quantum eMotion (QeM)

Quantum eMotion (QeM)

Quantum eMotion is a Montreal-based advanced developer leading the way towards a new generation of quantum-safe encryption for the quantum computing age.

Coffee Cup Solutions

Coffee Cup Solutions

We offer a full spectrum of IT Services, from our UK based Helpdesk to IT Consultancy and Cyber Security. Our team has the skills and experience to develop, deliver and manage IT for your business.